Which versions of computerrock-babel-preset-react-app are malicious?

The following npm versions of computerrock-babel-preset-react-app are flagged malicious: 15.12.11. Treat any of these as compromised.

How do I remediate computerrock-babel-preset-react-app if I installed it?

Remove computerrock-babel-preset-react-app from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is computerrock-babel-preset-react-app part of a known attack campaign?

Yes — computerrock-babel-preset-react-app is associated with the IN-MAL-2026-006983 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect computerrock-babel-preset-react-app in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking computerrock-babel-preset-react-app and packages like it before any post-install script runs.

Malicious package

computerrock-babel-preset-react-appnpm

Malicious code in computerrock-babel-preset-react-app (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-6131

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall computerrock-babel-preset-react-app

What this malware does

The package impersonates the well-known babel-preset-react-app under a fake org-style prefix and ships no Babel preset code. package.json declares "preinstall": "node index.js", which runs automatically on npm install. index.js collects hostname, platform, arch, homedir, username/uid/gid/shell, OS info, current working directory, and the output of whoami and id, then POSTs the JSON payload to a hardcoded https://0bccssrkeubggq24k750nrw0erki88wx.oastify.com/detox56 URL (a Burp Collaborator out-of-band exfiltration host). The package's only function is reconnaissance and exfiltration of installer-side identifiers to an attacker-controlled host.

Malicious versions

1 flagged

15.12.11

Indicators of compromise (SHA-256)

8987a1638ceebfb3dc8c8fc29e8e696fa15c6fe667697dfc367f59bf56b14cfa

Frequently asked questions

No. computerrock-babel-preset-react-app on npm has been identified as a malicious package (version 15.12.11 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-006983

References

npmjs.com

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection